This part of my rules captures the IP of the script kiddie if they try more than
2 times in 60 seconds.. (a bit restrictive yes.. and you can change the interval)
then dumps the offending IP to the table "scanners"

Any subsequent connection from the offending IP is then dropped..
The table is flushed upon reboot.
I "used" to have a script that would also dump the offending IP's to a permanent
table but that proved unnecessary to keep them.

I am assuming that there is also a solution for http.. but I have never found the need to
implement one..

One of the other "more learned" mods like J65nko or a frequent pf master like s2Scott might provide you a much more technical response... :-)
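A pf.conf sketch of the mechanism described in the post above, as an added example that is not the poster's own ruleset. The interface name `em0` and the SSH port are assumptions; the 2-per-60-seconds rate and the table name "scanners" come from the post.

```pf
# Added example, not the poster's rules.
ext_if = "em0"                 # assumed external interface name

# Table that pf fills with offending source addresses. It lives in
# kernel memory only, so it is empty again after a reboot.
table <scanners> persist

# Drop everything from addresses already in the table. "quick" stops
# rule evaluation here, so no later pass rule can let them back in.
block in quick on $ext_if from <scanners>

# Allow the service (SSH on port 22 is assumed here) while tracking
# the connection rate per source address:
#   max-src-conn-rate 2/60  more than 2 new connections in 60 seconds
#   overload <scanners>     adds that source address to the table
#   flush global            kills the states that source already holds
pass in on $ext_if proto tcp from any to any port 22 \
    keep state (max-src-conn-rate 2/60, overload <scanners> flush global)
```

`pfctl -t scanners -T show` lists the addresses caught so far, and `pfctl -t scanners -T expire 86400` removes entries older than a day, so a mistyped password does not lock a legitimate user out until the next reboot.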

If it is a real DDoS attack and your network connection is flooded with these attempts, not accepting the connections will not help you at all. You will have to ask your ISP to deal with it upstream.

If my street is blocked with hundreds of people who want to visit me, then DHL will not be able to deliver the present I ordered for my wife. It doesn't matter whether I let that crowd in or leave them standing outside.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Hello
When I was on Linux I had the misfortune to be confronted with a DDoS attack. I changed OS and I am running OpenBSD; I would not see the same problem. I mean the http service.
So to counter this, at the time when I was still on Linux, I was leaning on an interesting mod for Apache: mod_evasive.

How to fight effectively against DDoS attacks?

As J65nko put it.. you can't stop the traffic but in your case your
webserver was overloaded and probably crashed the Linux box..

Jggimi pointed you in the right direction..
There is a good example on that page..